url mangling

May 15 2009

Fun with Google Docs Urls

I`m not a big user of docs.google.com , but occasionally I use it sharing a public document to work on with friends or collegues.

So we have this spreadsheet we're sharing with some family and friends to swap Disney stickers. Google Docs has the option to publish that document publicly as html for others to view.

So I tried , and it generated me a very nice url

http://spreadsheets.google.com/pub?key=rtlvf2-JSU1Pw-oPtuIZBPg&output=ht...

My sleepy eye catched the A1:C300 ending part .. which was generated by the friendly popup that asked me if I wanted to show all Sheets, or just a range of the page.

Dare I pasting that URL into another browser and change the range ? Like changing the range from A1:C300 to A1:D300 ?

Suprise suprise .. that worked ! I could perfectly see the content of the other cells.

Apart from pointing to the Google API the popup doesn't really mention that publishing only a range won't restrict the actual viewing off the other data.

I can imagine some less technical savvy people to expect the rest of their data is secure... Well, it obviously it's not !
Not sure if Google does this on purppose, or by accident.

If it stops working next week it was by accident :)